diff options
Diffstat (limited to 'lass/2configs')
| -rw-r--r-- | lass/2configs/buildbot-standalone.nix | 20 | ||||
| -rw-r--r-- | lass/2configs/default.nix | 4 | ||||
| -rw-r--r-- | lass/2configs/mail.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/nixpkgs.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/pulse.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/repo-sync.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/websites/util.nix | 41 |
7 files changed, 38 insertions, 35 deletions
diff --git a/lass/2configs/buildbot-standalone.nix b/lass/2configs/buildbot-standalone.nix index cf3354fd7..7422abdc8 100644 --- a/lass/2configs/buildbot-standalone.nix +++ b/lass/2configs/buildbot-standalone.nix @@ -13,8 +13,8 @@ in { config.krebs.buildbot.master = let stockholm-mirror-url = http://cgit.prism/stockholm ; in { - slaves = { - testslave = "lasspass"; + workers = { + testworker = "lasspass"; }; change_source.stockholm = '' stockholm_repo = '${stockholm-mirror-url}' @@ -36,7 +36,7 @@ in { }; builder_pre = '' # prepare grab_repo step for stockholm - grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') + grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental', alwaysUseLatest=True) # TODO: get nixpkgs/stockholm paths from krebs env_lass = { @@ -94,7 +94,7 @@ in { system={}".format(i)]) bu.append(util.BuilderConfig(name="build-all", - slavenames=slavenames, + workernames=workernames, factory=f)) ''; @@ -152,7 +152,7 @@ in { make system=prism pkgs.{}".format(i)]) bu.append(util.BuilderConfig(name="build-pkgs", - slavenames=slavenames, + workernames=workernames, factory=f)) ''; }; @@ -162,15 +162,15 @@ in { enable = true; nick = "buildbot-lass"; server = "ni.r"; - channels = [ { channels = "retiolum"; } ]; + channels = [ { channel = "retiolum"; } ]; allowForce = true; }; }; - config.krebs.buildbot.slave = { + config.krebs.buildbot.worker = { enable = true; masterhost = "localhost"; - username = "testslave"; + username = "testworker"; password = "lasspass"; packages = with pkgs; [ gnumake jq nix populate ]; extraEnviron = { @@ -190,8 +190,8 @@ in { options.lass.build-ssh-privkey = mkOption { type = types.secret-file; default = { - path = "${config.users.users.buildbotSlave.home}/ssh.privkey"; - owner = { inherit (config.users.users.buildbotSlave ) name uid;}; + path = "${config.users.users.buildbotworker.home}/ssh.privkey"; + owner = { inherit (config.users.users.buildbotworker ) name uid;}; source-path = toString <secrets> + "/build.ssh.key"; }; }; diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index a7d2a6cef..21a2ec038 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -194,7 +194,9 @@ with import <stockholm/lib>; { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } - { predicate = "-i retiolum"; target = "REJECT"; precedence = -10000; } + { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } + { predicate = "-p udp -i retiolum"; target = "REJECT --reject-with icmp-port-unreachable"; v6 = false; precedence = -10000; } + { predicate = "-i retiolum"; target = "REJECT --reject-with icmp-proto-unreachable"; v6 = false; precedence = -10000; } ]; }; }; diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index c637b08fb..872acc003 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -12,7 +12,7 @@ let msmtp = pkgs.writeBashBin "msmtp" '' ${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert +sent) | \ - ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} $@ + ${pkgs.msmtp}/bin/msmtp -C ${msmtprc} "$@" ''; muttrc = pkgs.writeText "muttrc" '' diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index e665b6c6f..caca98746 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "0195ab84607ac3a3aa07a79d2d6c2781b1bb6731"; + ref = "ee52e9809185bdf44452f2913e3f6ef839c15c4e"; }; } diff --git a/lass/2configs/pulse.nix b/lass/2configs/pulse.nix index 373207461..55efaea13 100644 --- a/lass/2configs/pulse.nix +++ b/lass/2configs/pulse.nix @@ -26,7 +26,7 @@ let ''; daemonConf = pkgs.writeText "daemon.conf" '' - exit-idle-time=0 + exit-idle-time=-1 flat-volumes = no default-fragments = 4 default-fragment-size-msec = 25 diff --git a/lass/2configs/repo-sync.nix b/lass/2configs/repo-sync.nix index baa4bb380..765769936 100644 --- a/lass/2configs/repo-sync.nix +++ b/lass/2configs/repo-sync.nix @@ -41,7 +41,7 @@ let mirror.url = "${mirror}${name}"; }; tv = { - origin.url = "http://cgit.ni.i/${name}"; + origin.url = "http://cgit.ni.r/${name}"; mirror.url = "${mirror}${name}"; }; lassulus = { diff --git a/lass/2configs/websites/util.nix b/lass/2configs/websites/util.nix index 55be8a8d9..3356fe9a8 100644 --- a/lass/2configs/websites/util.nix +++ b/lass/2configs/websites/util.nix @@ -8,28 +8,29 @@ rec { let domain = head domains; in { - security.acme = { - certs."${domain}" = { - email = "lassulus@gmail.com"; - webroot = "/var/lib/acme/challenges/${domain}"; - plugins = [ - "account_key.json" - "key.pem" - "fullchain.pem" - ]; - group = "nginx"; - allowKeysForGroup = true; - extraDomains = genAttrs domains (_: null); - }; - }; + #security.acme = { + # certs."${domain}" = { + # email = "lassulus@gmail.com"; + # webroot = "/var/lib/acme/challenges/${domain}"; + # plugins = [ + # "account_key.json" + # "key.pem" + # "fullchain.pem" + # ]; + # group = "nginx"; + # allowKeysForGroup = true; + # extraDomains = genAttrs domains (_: null); + # }; + #}; krebs.nginx.servers."${domain}" = { + ssl.acmeEnable = true; server-names = domains; - locations = [ - (nameValuePair "/.well-known/acme-challenge" '' - root /var/lib/acme/challenges/${domain}/; - '') - ]; + #locations = [ + # (nameValuePair "/.well-known/acme-challenge" '' + # root /var/lib/acme/challenges/${domain}/; + # '') + #]; }; }; @@ -37,7 +38,7 @@ rec { { imports = [ ( manageCerts domains ) - ( activateACME (head domains) ) + #( activateACME (head domains) ) ]; }; |